How I can patch a private method of a delphi class?

15
votes

I have read these questions and answers

How to change the implementation (detour) of an externally declared function

Patch routine call in delphi

but i can't figere out how patch a private method of a class located in anoher unit.

Check this sample I want to patch the Bar procedure.

Unit ThidParty;
Interface
   Type
      TFoo =Class
        private
           procedure Bar;
       end;

I think which the key is find a way to obtain the address of the private method.

So, How I can patch a private method of a delphi class?

1
delphidelphi-xe2
AFAIK this is NOT possible since private methods/procedure are NOT part of the VMT and thus are not available via RTTI etc. It might be possible to hack this but this would need you to disassemble the other unit and then do some pointer arithmetic plus some assembly to get there...Yahia
See also Access a strict protected property of a Delphi class?. Class Helpers as mentioned by David.LU RD

1 Answers

23
votes

The solution outlined below works for versions up to and including Delphi Seattle. You can use a class helper to crack the class:

Unit1

type
  TTest = class
  private
    procedure Foo;
  end;

Unit2

type
  TMyTestHelper = class helper for TTest
    function GetFooAddress: Pointer;
  end;

function TMyTestHelper.GetFooAddress: Pointer;
var
  MethodPtr: procedure of object;
begin
  MethodPtr := Self.Foo;
  Result := TMethod(MethodPtr).Code;
end;

function FooAddress: Pointer;
begin
  Result := TTest(nil).GetFooAddress;//don't need to instantiate an object
end;

Pass the return value from FooAddress to one of your patching functions and you are golden.

However, starting with Delphi 10.1 Berlin, this no longer works! Class helpers can no longer access strict protected, strict private or private members. This "feature" was actually a compiler bug that Embarcadero has now fixed in Berlin. You are out of luck.